Tag Archives: SonicWall

Firewall Down Alert – KB1039851

Description:  Alert that the customer’s Firewall is reporting down

Common customer description: I can’t connect to the servers

We have no internet

Probing questions: Did someone recently reboot the firewall device?

Was there a power outage?

Steps to isolate: Log into the firewall portal to verify that it went down

Steps to resolve:

1. Check the Networking Tab to find their Firewall device

2. Connect to the OM or their server and ping the firewall device

3. If you’re not able to ping the device, the firewall is down. Call the customer to see why it’s down

4. If you are able to ping the device, connect to the firewall’s web console

Steps on Connecting to the Firewall Web Console

1. Find the firewall’s IP Address in the Networking Tab

2. Connect to the OM or their server and type the IP address in IE, Chrome, or Firefox

3. Enter the username and password for the firewall device under the Networking Tab

4. If the device was rebooted recently, call the customer to see if they rebooted the device

Additional considerations: If the customer doesn’t know why the firewall went down or why it was rebooted, say that we will monitor this issue to see if it goes down again. If it does go down again, follow the same steps above and then call the customer again. If they still don’t know, consult with a Tier 2 tech.

TCP XMAS Scan Probable – KB1039790

Description:  This alert comes from the Sonicwall device. It comes up when an outside source scans the ports to see which ports are open and closed. This could mean a possible attack on the customer’s network.

Common customer description: The customer usually doesn’t call for this. If the customer checks their Event logs and sees unusual activity, they could potentially call, or we may bring it to their attention by calling them after we get all the pieces put together.

Probing questions: Was there a disgruntled employee that might have access still?

Was there a recent install of software or applications?

When did you notice this happening?

Steps to isolate: Check Event Viewer, try to pinpoint when this started, and see how frequent it is. Check the Sonicwall with a Tier 2 tech.

Steps to resolve: The biggest thing is to check their Sonicwall with a Tier 2 tech. They will check that everything is “locked down”, that there aren’t any open ports, and that the wrong applications aren’t using the wrong ports. This is extremely important since the Tier 2 tech can help decide how severe this is and what the next steps should be.

Additional considerations: This can be a serious alert since it’s a potential attack on their system. This should not be taken lightly and should be looked at with a Tier 2 or Tier 3 tech to make sure that everything is okay on the customer’s side.
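An added example (not part of the original KB article) for the “Steps to isolate” above: it recognises the Xmas flag pattern (FIN, PSH and URG set together) and reports, per source, when the probing started and how frequent it is. The log lines and their key=value field names are constructed for illustration and are not a real Sonicwall export.

```python
# TCP flag bits; an "Xmas" probe sets FIN, PSH and URG together.
FIN, PSH, URG = 0x01, 0x08, 0x20
XMAS = FIN | PSH | URG  # 0x29

# Constructed sample events. Field names (time, src, dport, flags) are assumptions.
SAMPLE_LOG = """\
time=2024-03-04T02:14:07 src=203.0.113.50 dport=22 flags=0x29
time=2024-03-04T02:14:07 src=203.0.113.50 dport=23 flags=0x29
time=2024-03-04T02:14:08 src=203.0.113.50 dport=443 flags=0x29
time=2024-03-04T02:15:30 src=198.51.100.7 dport=443 flags=0x02
time=2024-03-04T09:41:12 src=203.0.113.50 dport=3389 flags=0x29
time=2024-03-04T09:50:00 src=198.51.100.7 dport=443 flags=0x18
"""

from datetime import datetime


def is_xmas(flags):
    """True when exactly FIN+PSH+URG are set among the six classic flag bits
    (SYN, RST and ACK clear), a combination normal TCP traffic does not produce."""
    return (flags & 0x3F) == XMAS


def parse(line):
    """Split one key=value line into (timestamp, source, dest port, flags)."""
    fields = dict(kv.split("=", 1) for kv in line.split())
    return (datetime.fromisoformat(fields["time"]), fields["src"],
            int(fields["dport"]), int(fields["flags"], 16))


def summarize(log_text):
    """Per source: first and last Xmas probe, probe count, distinct ports hit."""
    stats = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src, dport, flags = parse(line)
        if not is_xmas(flags):
            continue  # ordinary SYN or PSH+ACK traffic is ignored
        s = stats.setdefault(src, {"first": ts, "last": ts, "count": 0, "ports": set()})
        s["first"], s["last"] = min(s["first"], ts), max(s["last"], ts)
        s["count"] += 1
        s["ports"].add(dport)
    return stats


if __name__ == "__main__":
    for src, s in summarize(SAMPLE_LOG).items():
        print(f"{src}: {s['count']} probes, {len(s['ports'])} ports, "
              f"{s['first']} to {s['last']}")
```

A single source touching several ports within seconds, then returning hours later, is the kind of pattern to bring to the Tier 2 tech along with the first-seen time.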

VPN Client Setup – The Basics KB1039291

VPN Client Setup

Windows VPN Clients
Cisco IPSec
Cisco SSL
Sonicwall IPSec
Sonicwall SSL
PPTP

Mac VPN Clients
Cisco IPSec
Cisco SSL
Sonicwall SSL
PPTP

What is VPN?
Virtual Private Network. Communicates from remote network to private network.

Why do we need it?
Securely access computers, files, connecting Outlook to Exchange remotely.

How do I set it up?
There are several different VPN clients to use.

What info is needed?
Local user or domain login, public IP/domain name, VPN group name, pre-shared key, username, and password.

Authentication methods
LDAP – Allows applications running on almost any platform to obtain directory info.
RADIUS – Authenticates to a RADIUS server installed on Active Directory.
Local Accounts – Uses local user accounts on the firewall itself.

When is it billable?
VPN client installs are non-billable. Troubleshooting connections is billable.

Public vs Private IPs
There are static and dynamic addresses.
Public IPs face outward to the internet.
Private IPs are for internal networks.

PCF files
Profile Configuration File. Automatically configures VPN client when imported.

TCP and UDP
Transmission Control Protocol (TCP) is a connection-oriented protocol.
User Datagram Protocol (UDP) is a connectionless protocol.
TCP will wait for information if it gets lost during delivery. UDP will not.

VPN Process
How the connection process unfolds

Installation
Communication
Authentication
Establishing a connection
Connected

Try the VPN connection on your computer

Connection
Authentication
Group issues

The client only partially installs
Check to see if there is an error code
Uninstall the client
Clear temp files
Remove other VPN clients*
Reboot

Status stuck on “Connecting”
Ping Public IP or VPN domain name
New ISP or other ISP issue
Connectivity at remote location
Office down

Same subnet
192.168.0.x on both remote and office locations

See if their AV blocks communication
Trend Micro
Symantec
AVG

See if their firewall blocks communication
Windows Firewall

Find out if ports are blocked
Telnet
Open Command Prompt
Type telnet PublicIPAddress port

Common VPN ports
TCP 1723
TCP 1701
UDP 500
TCP 4500

Allow inbound and outbound ports
Start > Control Panel > Windows Firewall > Advanced Settings > Inbound Rules (or Outbound Rules) > New Rule > Select Port > Click Next > Select which protocol (TCP or UDP) > Select Specific local ports > Type port or port range > Click Next > Select Allow the connection > Click Next > Select Domain, Private, and Public > Click Next > Name the rule > Click Finish

Cannot get past the group name or username screen
Check spelling
Case sensitive usernames
Verify username
Reset password

VPN connects, but there is no access to anything

Same subnet or wrong subnet
192.168.0.x on both office and remote locations
APIPA address – 169.254.x.x
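An added example (not from the original article) covering both “same subnet” checks in this guide and the APIPA case: it compares the remote PC’s local address with the office network and says whether the office server’s address is hidden by the remote LAN. The function name `diagnose`, its result strings and the sample addresses are illustrative assumptions.

```python
import ipaddress


def diagnose(client_addr, office_net, server_ip):
    """Classify the remote PC's addressing against the office LAN.

    client_addr: remote PC's local address with prefix, e.g. "192.168.0.23/24"
    office_net:  network behind the office firewall, e.g. "192.168.0.0/24"
    server_ip:   office resource the user cannot reach
    """
    iface = ipaddress.ip_interface(client_addr)
    office = ipaddress.ip_network(office_net)
    server = ipaddress.ip_address(server_ip)

    if iface.ip.is_link_local:
        # 169.254.x.x: the PC never received a DHCP lease, so fix the
        # remote location's own network before looking at the VPN.
        return "apipa"
    if server in iface.network:
        # The server's address also belongs to the remote LAN, so the PC
        # typically looks for it locally instead of sending it into the tunnel.
        return "same-subnet"
    if iface.network.overlaps(office):
        # The ranges collide, but this particular server is still reachable;
        # other office addresses may not be.
        return "partial-overlap"
    return "ok"


if __name__ == "__main__":
    # Constructed sample cases.
    cases = [
        ("192.168.0.23/24", "192.168.0.0/24", "192.168.0.10"),
        ("169.254.12.9/16", "192.168.0.0/24", "192.168.0.10"),
        ("192.168.0.130/25", "192.168.0.0/24", "192.168.0.10"),
        ("192.168.1.23/24", "192.168.0.0/24", "192.168.0.10"),
    ]
    for case in cases:
        print(case, "->", diagnose(*case))
```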

Connect by IP or Fully Qualified Domain Name
Servername.domain.local instead of servername

Reinstall the VPN client.
Remove VPN client
Reboot
Reinstall

Consult Tier 2
Less common issues (Example: DNE Update for Cisco)
Firewall configuration
Escalate

Connecting to a firewall

Find the information to connect to a firewall
Sonicwall
Cisco

Put the IP address into a browser
May need to specify https:// and/or port number
Common ports: 8080 and 4443.
https://ipaddress:port

Multiple consoles
ASDM
SSH (PuTTY)

Setting up a local user in the firewall
Sonicwall
Cisco

Local versus AD accounts


Local
LDAP not supported
Few users allowed
Not using Active Directory

AD
Preferred authorization method
Less hassle on user’s end

Connect to Sonicwall. Navigate to:
Users > Local Users > Add User… > Enter username and password > Go to Groups tab

Check Groups – Everyone, Trusted Users, and VPN
Highlight group name
Click the right arrow below to send it to Member Of:
Go to VPN Access tab

Find “Firewalled Subnets” under Networks and highlight it
Click the right arrow below to send it to the Access List
Click OK

Connect to Cisco. Navigate to:
Configuration
Remote Access VPN
AAA/Local Users
Local Users
Click Add
Enter username and password
Set privilege to No ASDM, SSH, Telnet, or Console access
Click OK
Click Apply
Click Save

Cisco Meraki
Escalate to Tier 2

Domain User Setup
Setting up or modifying a domain user
Active Directory

Suggested account setup
Username = (First initial of first name)(last name)
Password = Password1

Password settings
Uncheck all settings

Uses Routing and Remote Access
Active Directory group
Dial-in tab
Local firewall user

VPNs on laptops

Will not affect work functionality

How users might ask
“I need to get to my folders”
Could mean desktop folders (RDP)
Could mean server folders (Mapped Drives)

Verify
Can they access the resources they were calling in about?

Windows Sonicwall SSL Setup KB1039287

Windows Sonicwall SSL Setup

1. Install the client.
a. With some setups, you can go to a website in a browser, login with network username/password, and download the client. This will automatically set up the client for connection. Skip to step 4.

2. Find the information to connect

3. Creating a new connection

a. Open Sonicwall NetExtender client.
b. Enter the Public IP or fully qualified domain name.
c. Enter username/password.
d. Enter domain name.

4. Attempt connection.
a. Click Connect.
b. You should now be connected. Depending on how the client would like to use their VPN, we may need to set up an RDP connection, mapped drives, Outlook, etc.

Windows Sonicwall IPSec Setup KB1039282

Windows Sonicwall IPSec Setup

1. Install the client.
a. There are 32 bit and 64 bit versions. Be sure that the VPN client version matches the OS version. Go to Start -> right click Computer -> Properties -> System -> System type.

2. Find the information to connect

3. Creating a new connection

a. Open Sonicwall Global VPN Client
b. Click the + sign for a new connection
c. Click Next. Make sure Remote Access is selected. Click Next.
d. Enter the Public IP or fully qualified domain name. Give the connection a name. Click Next.
e. Click Finish.

4. Attempt connection.
a. Highlight the connection. Click Enable.
b. Enter pre-shared key.
c. Enter credentials.
d. You should now be connected. Depending on how the client would like to use their VPN, we may need to set up an RDP connection, mapped drives, Outlook, etc.

MAC Sonicwall SSL Setup KB1039278

Mac Sonicwall SSL

1. Find the information to connect

2. Install the client.
a. With some setups, you can go to a website in a browser, login with network username/password, and download the client. This will automatically set up the client for connection. Skip to step 4.
b. Client can be found in the App Store under Sonicwall Mobile Connect. It is free to download.

3. Creating a new connection
a. Open Sonicwall NetExtender client.
b. Click Add Connection.
c. Enter the display name of the connection.
d. Enter the Public IP or fully qualified domain name. Click Next.
e. Enter username/password.
f. Enter domain name. Click Save.

4. Attempt connection.
a. Click Connect.
b. You should now be connected. Depending on how the client would like to use their VPN, we may need to set up an RDP connection, mapped drives, Outlook, etc.

Cannot uninstall NetExtender KB1039108

Description:  Cannot uninstall NetExtender

Common customer description:

“We cannot uninstall NetExtender to install the latest version.”

Probing questions:

Is it listed in Add & Remove Programs / Programs & Features?
What have you done to try and remove it?

Steps to isolate:

Remotely connect to computer.
Verify that it is not in Add & Remove Programs / Programs & Features

Steps to resolve:

Uninstall Executable Link This is a safe file!
Use the uninstall.exe from another computer that contains it in the C:\Program Files (x86)\SonicWALL\SSL-VPN\NetExtender folder, either on another client’s computer or your own if you have it installed.  Copy uninstall.exe into the affected computer’s C:\Program Files (x86)\SonicWALL\SSL-VPN\NetExtender folder and run it.  Once it has uninstalled, there might be some files left over.  Manually delete those out of the folder and proceed to install the newer version.

Additional considerations:

This has been tested and works with version 3.5 installed and then uninstalled using the version 6.0 uninstall.exe.  Revo uninstaller, CCleaner, and Windows will not find all of the necessary registry keys for a complete uninstall.